Lucene search
K

49 matches found

Snyk
Snyk
added 2026/03/03 7:57 p.m.3 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the $include directive in configuration file resolution. An attacker can access arbitrary files outside the intended directory by specifying absolute or traversal...

6.9CVSS6.2AI score0.00146EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 7:57 p.m.5 views

GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.9CVSS6AI score0.00146EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/03 7:57 p.m.6 views

OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.7CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.4 views

PT-2026-24671

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.7CVSS5.8AI score0.00146EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.3 views

PT-2026-21097

Name of the Vulnerable Software and Affected Versions thembay Nika versions through 1.2.14 Description An issue exists in thembay Nika that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This is a PHP Remote File Inclusion issue...

5.5AI score0.00504EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.7 views

openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0334-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0334-1 advisory. - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives...

3.7CVSS5.1AI score0.00419EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-2384

Malicious code in bioql PyPI...

7.2CVSS7.2AI score0.02657EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive...

6.5CVSS6.4AI score0.00987EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.3 views

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

6.5CVSS6.6AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:49 p.m.11 views

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

7.2CVSS6.7AI score0.02657EPSS
Exploits4
OSV
OSV
added 2022/05/24 5:20 p.m.4 views

GHSA-4HCH-R9XF-6VFR MJML vulnerable to path traversal

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

7.2CVSS5.9AI score0.02657EPSS
Exploits4References6
Oracle linux
Oracle linux
added 2022/05/17 12:0 a.m.151 views

openssh security, bug fix, and enhancement update

8.0p1-13 - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour 2015828 8.0p1-12 - Add support for 'Include' directive in sshdconfig file 1926103 8.0p1-11 - CVE-2021-41617 upstream fix 2008885...

7CVSS1.4AI score0.02367EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/04/04 8:15 p.m.7 views

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

6.5CVSS6.5AI score0.00987EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/04 8:15 p.m.3 views

UBUNTU-CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

6.5CVSS5.8AI score0.00987EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/04/04 12:0 a.m.2 views

PT-2022-13670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.7.7 GitLab CE/EE versions 14.8 prior to 14.8.5 GitLab CE/EE versions 14.9 prior to 14.9.2 Description: The issue concerns missing filtering in an error message, which exposes sensitive information when an...

6.5CVSS6.2AI score0.00987EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.17 views

GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞

GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...

6.5CVSS6.5AI score0.00987EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2018:2162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.1AI score0.02255EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2020/07/20 12:0 a.m.33 views

openSUSE Security Update : nasm (openSUSE-2020-954)

This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...

7.8CVSS6.5AI score0.05166EPSS
Exploits14References27
NVD
NVD
added 2020/06/17 2:15 p.m.40 views

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

7.2CVSS0.02657EPSS
Exploits4References7
Prion
Prion
added 2020/06/17 2:15 p.m.20 views

Path traversal

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

6.4CVSS6.8AI score0.02657EPSS
Exploits4References7Affected Software1
Rows per page
Query Builder